Greetings to this week’s installment of Cybersecurity News Recap! In this edition, we bring you the most recent updates and significant progress across the threat landscape.
Stay ahead of emerging risks with essential insights on freshly uncovered Chrome and Gemini vulnerabilities, the rise of intricate Linux malware, and a thorough examination of the burgeoning “man-in-the-prompt” attack strategy aimed at AI systems.
Whether you’re an IT expert, security aficionado, or merely worried about online safety, our compilation provides vital information and practical takeaways to ensure your security in an ever-changing cyber arena.
1. New Shuyal Malware Hits 19 Popular Browsers
A recent variant of the Shuyal malware family is targeting 19 widely used web browsers. Shuyal’s operators employ sophisticated evasion tactics to circumvent security controls and deploy multi-stage payloads, presenting a substantial risk to organizations that depend on mainstream browsers.
Read more: cybersecuritynews.com/new-shuyal-attacking-19-popular-browsers/
2. Muddled Libra Shifts to Voice Phishing for Rapid Corporate Breaches
The Muddled Libra group has transitioned from email phishing to advanced voice-based social engineering (vishing), focusing on organizational call centers. By masquerading as employees, they persuade IT support to reset credentials and MFA, providing near-immediate access to sensitive systems. Attackers can attain domain admin privileges in under 40 minutes and have broadened their focus to government, insurance, retail, and aviation sectors.
Read more: cybersecuritynews.com/muddled-libra-actors-attacking-organizations/
3. IIS Servers Attacked with Advanced Web Shell Script
Cybercriminals are aggressively exploiting flaws in Microsoft IIS servers using a new web shell script, permitting covert remote code execution and enduring access. System administrators are urged to patch and monitor their servers for any unusual activity.
Read more: cybersecuritynews.com/hackers-attacking-iis-servers-with-new-web-shell-script/
4. SAP NetWeaver Zero-Day Exploited by Multiple Threat Actors
Researchers have reported ongoing exploitation of a critical SAP NetWeaver vulnerability (CVE-2025-31324). The flaw allows unauthenticated attackers to upload harmful files and execute remote commands, targeting both Windows and Linux installations. The patch has been issued—customers must act swiftly.
Read more: cybersecuritynews.com/sap-netweaver-vulnerability-exploited-malware/
5. ATM Networks Breached Using Raspberry Pi Devices
A financially driven group, UNC2891, accessed ATM networks by physically deploying a 4G-enabled Raspberry Pi device. This attack exploited both physical and digital vulnerabilities, allowing remote command-and-control access and threatening financial fraud through concealed rootkits and unnoticed malware.
Read more: cybersecuritynews.com/atm-network-hacked-using-raspberry-pi/
6. SharePoint Servers Severely Exposed to Internet Attacks
A zero-day vulnerability impacting on-premises SharePoint servers is currently being exploited. Affected organizations are strongly advised to take all internet-facing SharePoint instances offline and apply available patches. SharePoint Online remains unaffected.
Read more: cybersecuritynews.com/sharepoint-servers-exposed-to-internet/
7. EDR-on-EDR Attacks Highlight Endpoint Security Risks
Cyber attackers are now exploiting vulnerabilities in Endpoint Detection and Response (EDR) solutions to target and neutralize rival EDR products within the same network, facilitating the deployment of unnoticed malware. This emphasizes the necessity for strong EDR configurations and multi-layered defenses.
Read more: cybersecuritynews.com/edr-on-edr-violence/
Threats
1. Atomic macOS Stealer Launches with Sophisticated New Backdoor
A new iteration of the Atomic macOS Stealer has been identified, featuring enhanced backdoor functionalities. This latest version can evade detection, exfiltrate credentials, and maintain continuous access, representing an escalating threat to Mac users.
Read more: cybersecuritynews.com/atomic-macos-stealer-comes-with-new-backdoor/
2. Android Malware Rental Includes Advanced 2FA Interception
Researchers have uncovered a service providing Android malware as a rental package, now featuring 2FA interception capabilities. Cybercriminals are increasingly utilizing these tools to capture one-time passcodes during login activities, heightening risks for mobile users.
Read more: cybersecuritynews.com/renting-android-malware-with-2fa-interception/
3. Armouryloader: Bypassing System Security Protections
The newly identified ‘Armouryloader’ malware showcases advanced strategies to bypass system security safeguards. Targeted intrusions employing this malware can elude conventional defenses, underlining the importance of updated endpoint security.
Read more: cybersecuritynews.com/armouryloader-bypassing-system-security-protections/
4. Lumma Stealer Reveals Full Attack and Infection Chain
An extensive examination of the Lumma password stealer reveals a sophisticated malware infection pathway that can proliferate swiftly across systems. The report outlines methods that boost infection rates and data exfiltration.
Read more: cybersecuritynews.com/lumma-password-stealer-attack-infection-chain/
5. 0bj3ctivityStealer Utilizes Innovative Execution Techniques
A newly observed threat, 0bj3ctivityStealer, has surfaced with a fresh execution chain that helps it avoid detection and streamline payload delivery on compromised machines.
Read more: cybersecuritynews.com/0bj3ctivitystealers-execution-chain/
6. Ransomware Collectives Join Forces with TrickBot Operators
Current operations reveal ransomware collectives collaborating with TrickBot malware operators, pooling resources to infiltrate corporate networks and enhance ransom returns.
Read more: cybersecuritynews.com/ransomware-groups-using-trickbot-malware/
7. Plague Malware Focuses on Linux Servers
A recently detected “Plague” malware is targeting Linux servers by capitalizing on unpatched weaknesses and inadequate security settings, posing threats to server infrastructure and hosted information.
Read more: cybersecuritynews.com/plague-malware-attacking-linux-servers/
Vulnerability
1. Severe Vulnerability in Cisco Identity Services Engine
A newly uncovered vulnerability exposes Cisco’s ISE platform to risks of remote code execution and privilege escalation. The flaw can be exploited by unauthorized attackers over the network, emphasizing the necessity for swift patching.
Read more: cybersecuritynews.com/cisco-identity-services-engine-vulnerability
2. Gemini CLI Under Threat: Vulnerability Lets Hidden Command Execution
Researchers identified a significant flaw in Google’s Gemini CLI tool that allows attackers to covertly run harmful commands on developer systems via prompt injection and faulty validation. Concealed payloads could extract credentials without user awareness. Update to v0.1.14+ promptly!
Read more: cybersecuritynews.com/gemini-cli-vulnerability/
3. SonicWall: Several n-Day Vulnerabilities Disclosed
Recently published alerts detail numerous exposed n-day vulnerabilities in SonicWall products, prompting organizations to upgrade and adopt layered defenses as attackers increasingly target unpatched endpoints.
Read more: cybersecuritynews.com/sonicwall-n-day-vulnerabilities/
4. Chrome Initiates Urgent Security Update
Google released an emergency security update for the Chrome browser to resolve multiple actively exploited vulnerabilities. Users are strongly encouraged to apply updates to avert infections and data leaks.
Read more: cybersecuritynews.com/chrome-security-update-138/
5. SonicWall SSL VPN Vulnerable to DoS Attacks
A new Denial-of-Service vulnerability affecting SonicWall SSL VPN devices could enable adversaries to interrupt business activities. Immediate software updates are advised.
Read more: cybersecuritynews.com/sonicwall-ssl-vpn-dos-vulnerability/
6. “Man-in-the-Prompt” Attack Aims at AI-Powered Development Tools
Cybersecurity analysts are cautioning about a novel “Man-in-the-Prompt” attack aimed at AI-powered coding assistants, where malicious prompt manipulation could lead AI models to execute detrimental commands or reveal confidential information.
Read more: cybersecuritynews.com/man-in-the-prompt-attack/
7. CrushFTP 0-Day: Technical Information & PoC Released
Complete technical information and a proof-of-concept have been unveiled for an actively exploited 0-day in CrushFTP. Immediate action is necessary for affected administrators.
Read more: cybersecuritynews.com/crushftp-0-day-technical-details-poc-released/
8. Google Project Zero’s Latest Vulnerability Announcement
Project Zero researchers at Google have made public their latest findings, including comprehensive reports on recently discovered zero-day exploits and their ramifications on major software ecosystems.
Read more: cybersecuritynews.com/google-project-zero-vulnerability-disclosure/
Other News
1. GitHub Outage Impacts Millions of Developers
On July 28, 2025, GitHub faced a worldwide outage, temporarily disrupting code pushes, API requests, and issue tracking functionalities for developers around the globe. The incident, traced back to networking issues, caused intermittent errors for approximately 4% of requests and delayed deployments, but total recovery occurred within roughly 3.5 hours.
Read more: cybersecuritynews.com/github-outage-disrupts-core-services
2. Apple Introduces Native Containerization in macOS
Apple revealed a native containerization framework for macOS at WWDC 25, allowing Macs to execute OCI images in micro-VMs—facilitating the direct launch of Kali Linux without Docker Desktop. This feature, aimed at Apple Silicon with a full release in “Tahoe” (macOS 26) this autumn, significantly enhances security, speed, and resource efficiency for Linux workflows on Mac.
Read more: cybersecuritynews.com/apples-containerization-feature-macos
3. Palo Alto Networks to Purchase CyberArk
Palo Alto Networks announced plans to acquire identity security frontrunner CyberArk, indicating a substantial consolidation in the cybersecurity industry. This strategic decision seeks to bolster cloud identity protection and expand zero-trust capabilities.
Read more: cybersecuritynews.com/palo-alto-networks-acquire-cyberark
4. ChatGPT: Influencing the Future of Search Engines
OpenAI’s ChatGPT is increasingly shaping search trends, providing natural language responses that transform how users seek information—presenting new challenges and opportunities for traditional search engines.
Read more: cybersecuritynews.com/chatgpt-conversations-search-engines
5. WhatsApp Zero-Click Exploit Warning
Security specialists alert users to a zero-click vulnerability in WhatsApp, enabling attackers to compromise devices without any user involvement. Immediate patching and caution are urged for both individuals and organizations.
Read more: cybersecuritynews.com/whatsapp-0-click-exploit